Friday, April 6, 2018

Being Securely Prepared

Security is something that is usually thought of after the fact. We get lulled into the idea that if something worked fine the day before, then it should be fine tomorrow. So we never take the time to prepare for the unexpected.

We are in the age of a new kind of cyber crime. In the past, hackers made computer viruses for the sake of it. But now they do so for profit. There are viruses (ransomware) that will encrypt your whole hard drive and then ask for a bitcoin payment in order for you to get your precious photos back. Sensitive information is becoming more and more valuable and is stolen and used for identity theft. Although we shouldn't be paranoid, there are small steps we can take in order to be a bit safer. Here are two of the programs that I use.

Protect your data on your personal computer. I'd recommend VeraCrypt. VeraCrypt is an open source file and drive encryption tool. It works across platforms on Windows, OSX and Linux. You can either encrypt an entire drive or create an encrypted container of whatever size you want. You use VeraCrypt to encrypt and decrypt the container, so anything you put into the container will be encrypted. It makes sense to store your sensitive documents in a password-encrypted container. I'm sure you'd feel a lot better if you had encrypted the data on your laptop that was stolen or on your lost thumb drive. What's also cool is that VeraCrypt offers plausible deniability. This means that no one can prove that there is even an encrypted volume there. All it looks like is random data.

Use a password manager. We live in the age of the internet, so you probably have logins for many different sites. It's difficult keeping track of all the different logins and passwords, so many people reuse passwords or only make slight changes from site to site. At the very least, the passwords are short and insecure. That's where a password manager comes in. You log in just once with a master password, and that opens up access to all your website logins. This means that you only need to memorize one secure password. It also means you can easily generate long 30-character random passwords that look like this: WVI&BVCOUATO3p%&Fes*&L^70Lyj2#. This makes each password unguessable, and if hackers manage to steal passwords for one site, they wouldn't be able to guess your password pattern on another site.
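To make the reuse problem concrete, here is an added example (not part of the original post, and not how LastPass or any other product works internally) that audits a small constructed list of logins for short, reused and "slightly changed" passwords, and generates a 30-character random replacement. The site names, thresholds and symbol set are assumptions chosen for illustration.

```python
import math
import secrets
import string
from difflib import SequenceMatcher
from itertools import combinations

SYMBOLS = "!#$%&*^@"  # assumed symbol set; real sites accept different ones
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS]
ALPHABET = "".join(CLASSES)

def generate_password(length=30):
    """Draw every character from the OS CSPRNG; retry until each class appears."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(c in cls for c in pw) for cls in CLASSES):
            return pw

def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound on guessing entropy for a uniformly random password."""
    return length * math.log2(alphabet_size)

def audit(vault, min_length=12, similarity=0.8):
    """Return (kind, sites) findings: 'short', 'reused' or 'similar'."""
    findings = [("short", (site,)) for site, pw in vault.items()
                if len(pw) < min_length]
    for (s1, p1), (s2, p2) in combinations(sorted(vault.items()), 2):
        if p1 == p2:
            findings.append(("reused", (s1, s2)))
        # Case-insensitive similarity catches "same base word plus a suffix".
        elif SequenceMatcher(None, p1.lower(), p2.lower()).ratio() >= similarity:
            findings.append(("similar", (s1, s2)))
    return findings

# Constructed sample data: three hand-made passwords and one generated one.
VAULT = {
    "bank.example": "Summer2018!",
    "mail.example": "Summer2018!",
    "shop.example": "Summer2018!shop",
    "forum.example": generate_password(),
}

if __name__ == "__main__":
    for kind, sites in audit(VAULT):
        print(f"{kind:8} {', '.join(sites)}")
    print(f"30 random characters: about {entropy_bits(30):.0f} bits")
```

The three hand-made passwords are flagged against each other, while the generated one shares no pattern with any of them, which is the property that limits the damage when a single site is breached.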

I personally love LastPass. It comes as a browser plugin and can auto-fill passwords for many sites. It stores passwords securely in the cloud so that you can access the same passwords on different devices. Although it's proprietary, there is a lot of security research around how they have implemented the solution. LastPass does not have access to your master password or your unencrypted stored passwords. Everything is encrypted end to end.

LastPass also has some cool features like being able to share passwords with other LastPass users (useful for family or teams at work), two-factor authentication, and even the ability to share passwords with family members only if you die!

The last product I'll recommend today is Dropbox. It's likely you've heard of Dropbox. It can't be stressed enough how important an offsite backup of your data is. First of all, it's important to have any backup of your data because storage drives die (or get stolen) all the time. Backing up to another hard drive is much better than nothing because you can recover your data, but it won't protect you from disasters such as a fire (or maybe both your drives die or get stolen). That's why it's important to have offsite backups such as Dropbox. So make sure to back up important documents using something like Dropbox. To make this even nicer, you can use VeraCrypt to create an encrypted container in Dropbox so that your data is encrypted in the cloud! How cool is that?

FYI, I'm not paid anything to endorse these products. I'm currently not paid to do anything these days ;) These are just some security-related products that I use, and I'd like to pass on the info. At the very least, take a moment to think about a few disaster scenarios and a few steps you could take to be better prepared for them. Just like practicing a fire drill, it's important to practice thinking through and preparing for security incidents.